Create a key pair using Amazon EC2

When you create a key pair using Amazon EC2, the public key is stored in Amazon EC2, and you store the private key.

You can use Amazon EC2 to create a key pair using one of the following methods.

To create a key pair using Amazon EC2

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, under Network & Security, choose Key Pairs.

  3. Choose Create key pair.

  4. For Name, enter a descriptive name for the key pair. Amazon EC2 associates the public key with the name that you specify as the key name. A key name can include up to 255 ASCII characters. It can’t include leading or trailing spaces.

  5. For Key pair type, choose RSA. Note that ED25519 keys are not supported for Windows instances.

  6. For Private key file format, choose the format in which to save the private key. To save the private key in a format that can be used with OpenSSH, choose pem. To save the private key in a format that can be used with PuTTY, choose ppk.

  7. To add a tag to the public key, choose Add tag, and enter the key and value for the tag. Repeat for each tag.

  8. Choose Create key pair.

  9. The private key file is automatically downloaded by your browser. The base file name is the name that you specified as the name of your key pair, and the file name extension is determined by the file format that you chose. Save the private key file in a safe place.

     Important

     This is the only chance for you to save the private key file.

Create a key pair using a third-party tool and import the public key to Amazon EC2

Instead of using Amazon EC2 to create your key pair, you can create an RSA key pair by using a third-party tool, and then import the public key to Amazon EC2.

Requirements for key pairs

  • Supported types: RSA. Amazon EC2 does not accept DSA keys.

    Note

    ED25519 keys are not supported for Windows instances.

  • Supported formats:

      • OpenSSH public key format
      • SSH private key file format must be PEM or PPK
      • (RSA only) Base64 encoded DER format
      • (RSA only) SSH public key file format as specified in RFC 4716

  • Supported lengths: 1024, 2048, and 4096.

To create a key pair using a third-party tool

  1. Generate a key pair with a third-party tool of your choice. For example, you can use ssh-keygen (a tool provided with the standard OpenSSH installation). Alternatively, Java, Ruby, Python, and many other programming languages provide standard libraries that you can use to create an RSA key pair.

     Important

     The private key must be in the PEM or PPK format. For example, use ssh-keygen -m PEM to generate the OpenSSH key in the PEM format.

  2. Save the public key to a local file. For example, C:\keys\my-key-pair.pub. The file name extension for this file is not important.

  3. Save the private key to a local file that has the .pem or .ppk extension. For example, C:\keys\my-key-pair.pem or C:\keys\my-key-pair.ppk. The file name extension for this file is important because only .pem files can be selected when connecting to your Windows instance from the EC2 console.

     Important

     Save the private key file in a safe place. You’ll need to provide the name of your public key when you launch an instance, and the corresponding private key each time you connect to the instance.
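A pre-import check for the requirements listed above (RSA only, no DSA, lengths 1024, 2048, or 4096), shown as an added example that is not part of the original documentation or any AWS tool. The function names are hypothetical, and the sample keys are constructed, non-functional values built only to exercise the parser.

```python
import base64
import struct

SUPPORTED_TYPE = "ssh-rsa"           # page: RSA only; DSA keys are not accepted
SUPPORTED_BITS = {1024, 2048, 4096}  # page: supported lengths


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string or mpint) from the blob."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])  # struct.error if short
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_public_key(line):
    """Return (ok, reason) for one line in OpenSSH public key format."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not in OpenSSH public key format"
    if parts[0] != SUPPORTED_TYPE:
        return False, f"unsupported key type: {parts[0]}"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner_type, off = _read_field(blob, 0)
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
    except (ValueError, struct.error) as exc:  # binascii.Error is a ValueError
        return False, f"malformed key blob: {exc}"
    if inner_type != SUPPORTED_TYPE.encode():
        return False, "type inside blob does not match the prefix"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits not in SUPPORTED_BITS:
        return False, f"unsupported RSA length: {bits}"
    return True, f"RSA {bits}-bit"


def make_sample_key(bits, key_type=SUPPORTED_TYPE):
    """Build a constructed, non-functional public key line for demonstration."""
    modulus = (1 << (bits - 1)) | 1  # top bit set, so bit_length() == bits
    fields = [key_type.encode(), b"\x01\x00\x01", modulus.to_bytes(bits // 8 + 1, "big")]
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


if __name__ == "__main__":
    for line in (make_sample_key(2048), make_sample_key(3072), make_sample_key(2048, "ssh-dss")):
        print(check_public_key(line))
```

To check a real key, pass the contents of the saved public key file (for example, the .pub file from step 2) to check_public_key before importing it.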

After you have created the key pair, use one of the following methods to import your public key to Amazon EC2.

To import the public key to Amazon EC2

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Key Pairs.

  3. Choose Import key pair.

  4. For Name, enter a descriptive name for the public key. The name can include up to 255 ASCII characters. It can’t include leading or trailing spaces.

     Note

     When you connect to your instance from the EC2 console, the console suggests this name for the name of your private key file.

  5. Either choose Browse to navigate to and select your public key, or paste the contents of your public key into the Public key contents field.

  6. Choose Import key pair.

  7. Verify that the public key that you imported appears in the list of key pairs.
